On Tue, 2009-09-29 at 11:20 -0500, Dan Burkland wrote:
I experienced the same problem and found a solution. In your /etc/ldap.conf file (which I had the ldap.conf in /etc/openldap symlinked to), add the following line to the bottom of the file:
nss_initgroups_ignoreusers root,haldaemon,dbus,ldap,sshd (any other group that is locally stored and used by applications go here)
---- having these lines in /etc/ldap.conf has helped me a lot...
timelimit 30
bind_timelimit 30
bind_policy soft
nss_initgroups_ignoreusers root,ldap,named,avahi,haldaemon,dbus
As for symlinking /etc/ldap.conf to /etc/openldap/ldap.conf...
that's a bad idea because they serve different purposes. OpenLDAP developers have often lamented that padl chose to name their settings file with the same name and it just creates confusion.
/etc/ldap.conf is for nss/padl
/etc/openldap/ldap.conf is for users who execute openldap client programs such as ldapsearch/ldapmodify/etc.
The file contents are necessarily different.
Craig
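
Added example, not part of the original messages: a shell check for the two points raised in this thread, that /etc/ldap.conf and /etc/openldap/ldap.conf are not the same file, and that local system accounts are listed in nss_initgroups_ignoreusers. The function names, the script name and the UID cutoff of 499 for a "system account" are assumptions.

```sh
#!/bin/sh
# Added example (not from the thread). Usage, with an assumed system-UID cutoff:
#   sh check_ldapconf.sh /etc/ldap.conf /etc/openldap/ldap.conf /etc/passwd 499

# Print the value of the last uncommented occurrence of directive $2 in file $1.
get_directive() {
    awk -v key="$2" '
        tolower($1) == key { $1 = ""; sub(/^[ \t]+/, ""); val = $0 }
        END { print val }' "$1"
}

# Succeed when $1 and $2 both exist and are one file (symlink or hard link).
same_file() {
    [ -e "$1" ] && [ -e "$2" ] && [ "$1" -ef "$2" ]
}

# Print accounts in passwd-format file $2 with UID <= $3 that are missing
# from nss_initgroups_ignoreusers in the nss_ldap config $1.
unlisted_users() {
    ignore=$(get_directive "$1" nss_initgroups_ignoreusers)
    awk -F: -v list="$ignore" -v max="$3" '
        BEGIN {
            n = split(list, names, ",")
            for (i = 1; i <= n; i++) { gsub(/[ \t]/, "", names[i]); seen[names[i]] = 1 }
        }
        $1 !~ /^#/ && $3 ~ /^[0-9]+$/ && $3 + 0 <= max + 0 && !($1 in seen) { print $1 }
    ' "$2"
}

# Run both checks; return 1 if either fails.
audit() {
    rc=0
    if same_file "$1" "$2"; then
        echo "FAIL: $1 and $2 are the same file"
        rc=1
    fi
    missing=$(unlisted_users "$1" "$3" "$4" | tr '\n' ' ')
    if [ -n "$missing" ]; then
        echo "FAIL: not in nss_initgroups_ignoreusers: $missing"
        rc=1
    fi
    return "$rc"
}

if [ "$#" -eq 4 ]; then audit "$@"; fi
```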